My current desktop (laptop) operating system is Windows 11 Pro, and I’m stuck with it. I can’t run essential programmes on Linux, macOS, or in a VM running on those systems.
However, since I would like to outsource my main activities to Linux, I have looked into Fedora (KDE PLASMA version) and it seems to meet my requirements. Especially since I have no CLI experience or anything similar.
Therefore, I am considering installing a second SSD on my Lenovo laptop and going with the dual boot option.
After some rough research, it seems that privacy and security will suffer, especially the latter.
Does anyone have any experience with this? Is a dual boot device less secure than a device with only Windows 11 Pro and/or Fedora KDE? Will I lose privacy with Fedora with such a setup (Will it be less private then on a seperate device)?
I have both installed on the same PC and neither OS can see what the other does, as I understand it (by encrypting one SSD with BitLocker and the other with LUKS). I’m not an expert.
The only issue I found was with sharing storage drives between Windows and Fedora
NTFS is wonky on Fedora (and any other OS really) so I’ve had issues with file paths breaking and apps just not seeing files. I do much prefer ext4 overall anyway, but that doesn’t work well on Windows.
But apart from that. It should be OK if you use separate storage disks for each OS use.
You might be better off treating Fedora KDE as your main OS and then have a drive just for Windows when needed.
What are you referring to? So long as you don’t disable secure boot for convenience, I can’t imagine why dual booting would negatively affect you in any unique way as opposed to using a single OS.
There is an older thread here which discusses problems with drive encryption while dual booting. So I am not sure if e. g. Bitlocker will work flawlessly.
This is not a question of threat models. Either there are actual security and privacy compromises, or there aren’t.
BitLocker doesn’t seem to work properly for the Windows partition. But it does for some people. That’s not a problem in principle; I could encrypt Fedora and Windows separately with VeraCrypt.
But I can’t deal with uncertainties like this, and there seem to be more.
Do they really exist, or are they just hyperspecific problems that have a solution?
I’ll probably have to stick with Windows for the next few years, which is a shame.
Edit: I can’t name all the problems that seem to occur, because they are just comments from other people. But I can’t deal with unstable systems at that point right now. It’s my only device which I need daily so sadly I can’t experiment or trail-and-error these things.
This is a question about threat models because the privacy and security decisions you are evaluating for yourself may affect your adversaries’ ability to exploit various attack vectors:
Without defining a threat model to begin with, no conclusion can be determined by anyone about whether your actions will lead to more or less privacy and/or security against your adversaries.
I want to protect my data in the traditional way from leaks and tracking that occur within the framework of surveillance capitalism (Edit: and mass surveillance in general).
Also, more in the long term, I may engage in high-risk research and activities that could potentially be politically persecuted in my country in the coming years.
Edit: So, basically: I want to protect my data from everyone, besides the not-E2EE services I intend to use. So even in this case – which is not actually a question of the threat model – Are Windows and Fedora in dual boot are more vulnerable to security risks than on a separate device?
If, for example, BitLocker encryption does not work, this is also an objective problem, regardless of the threat model. Of course, I can still say, ‘Okay, that doesn’t bother me.’ But I also assume the highest threat model and gradually accept things that are okay.
It introduces various issues regarding the /boot partition as well as which bootloader to use. Here is a topic from the Qubes OS Forum explaining some of them:
This applies to any multi-boot partitioning scheme, which I do not provide any technical support for, among other risky/unsupported configurations:
However, what I consider as risky/unsupported may be acceptable for you and/or others, so I respect others’ threat models, use cases and workflows by addressing them when given enough information to create informed recommendations and/or suggestions. In our example, even though the /boot partition may cause operating system conflicts and introduce various attack vectors, this may or may not apply to your threat model, so I am willing to engage in discussion with an open perspective that this may go either way.